<?php
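// Bootstrap for the order form handler: session, database connection,
// connection character set, then the login/session include.
session_start();

// Use require instead of include so a missing or unreadable file stops the
// request. With include, PHP only raises a warning and keeps executing.
// Presumably db_connect.php defines connect(), query(), select() and insert(),
// which this script calls but does not define; confirm.
require("db_connect.php");
connect();

// Ask the server to exchange data as UTF-8 (the page emits Thai text).
$sql="SET CHARACTER SET UTF8";
query($sql);

// $rs_log is read later in this script and is never assigned here, so it is
// presumably populated by this include; confirm. If the include failed
// silently, orders would be stored with no membership id, which is why it is
// a hard requirement.
// NOTE(review): no login check is visible in this file. If ordering needs a
// logged-in member, confirm try_session_login.php ends the request for
// anonymous visitors.
require 'try_session_login.php';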
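// Handles the "add order" form post: checks the CAPTCHA, short-circuits a
// repeated submission, allocates the next invoice number, stores the order,
// notifies every active admin by e-mail and redirects to the order detail page.
if(isset($_POST['action']) && $_POST['action']==='add'){
	// --- CAPTCHA ---------------------------------------------------------
	// Compare as strings with a strict operator. The loose <> operator treats
	// numeric-looking strings such as "007" and "7" as equal, which weakens
	// the check. Non-string input (e.g. font[]=x) is treated as empty.
	$postedCode = (isset($_POST['font']) && is_string($_POST['font'])) ? $_POST['font'] : '';
	$expectedCode = (isset($_SESSION['security_code']) && is_scalar($_SESSION['security_code'])) ? (string)$_SESSION['security_code'] : '';
	if($postedCode === '' || $expectedCode === '' || $postedCode !== $expectedCode)
	{
		echo '<script>alert("invalid security code");history.back();</script>';
		exit();
	}
	// NOTE(review): the code stays valid in the session after a successful
	// check, so one solved CAPTCHA can be replayed for many orders. Consider
	// making it single-use once the duplicate-submit flow below is reviewed.

	// --- Duplicate submission guard ---------------------------------------
	// unique_id comes from the request, so it is escaped before being placed
	// in the SQL string (the original concatenated it raw: SQL injection).
	// NOTE(review): mysql_real_escape_string() relies on the connection
	// charset; prefer mysql_set_charset() over a "SET CHARACTER SET" query,
	// and prepared statements (mysqli/PDO) when the mysql_* API is retired.
	$uniqueId = (isset($_POST['unique_id']) && is_string($_POST['unique_id'])) ? $_POST['unique_id'] : '';
	$sql = "select * from tb_order where unique_id = '".mysql_real_escape_string($uniqueId)."'";
	$qr = select($sql);
	if(count($qr)>0)
	{
		// The stored unique_id was user-supplied when the order was created,
		// so URL-encode both values and emit the URL as a JS string literal
		// rather than splicing it between quotes.
		$redirect = 'order_detail.php?order='.rawurlencode($qr[0]['invoice']).'&sid='.rawurlencode($qr[0]['unique_id']);
		echo "<script>alert('บันทึกข้อมูลเรียบร้อยแล้วค่ะ กรุณารอการติดต่อกลับจากเจ้าหน้าที่');window.location=".json_encode($redirect, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT).";</script>";
		exit();
	}

	// --- Invoice number: YYYYMM + 5-digit zero-padded sequence -------------
	// NOTE(review): the read and the UPDATE below are separate statements, so
	// two concurrent requests can read the same seq and get the same invoice
	// number. Serialise this (row/table lock or transaction) if invoices must
	// be unique.
	$strNextSeq = "";
	$currentPeriod = date("Y").date("m");

	$strSQL = "SELECT * FROM prefix WHERE 1 ";
	$objQuery = mysql_query($strSQL) or die ("Error Query [".$strSQL."]");
	$objResult = mysql_fetch_array($objQuery);

	if($objResult["val"] == $currentPeriod)
	{
		// Same month as the stored prefix: use the stored counter, then bump it.
		$Seq = substr("00000".$objResult["seq"],-5,5);
		$strNextSeq = $objResult["val"].$Seq;

		$strSQL = "UPDATE prefix SET seq= seq+1 ";
		$objQuery = mysql_query($strSQL) or die ("Error Query [".$strSQL."]");
	}
	else
	{
		// New month: this order is 00001; the prefix row is rewritten with the
		// new period and seq = 1, exactly as the original statement did.
		$Seq = substr("000001",-5,5);
		$strNextSeq = $currentPeriod.$Seq;

		$strSQL = "UPDATE prefix SET val = '".$currentPeriod."' , seq = '1' ";
		$objQuery = mysql_query($strSQL) or die ("Error Query [".$strSQL."]");
	}

	// --- Store the order ---------------------------------------------------
	// NOTE(review): every value below is raw request data. insert() is defined
	// elsewhere; confirm that it escapes or binds each value, otherwise this
	// call is injectable. Values are deliberately not escaped here, to avoid
	// double-escaping if the helper already does it.
	// NOTE(review): "price" is taken from the client. It should be derived
	// server-side (e.g. from insure_id) so the buyer cannot choose the amount.
	$data = array(
		"name"=>$_POST['name'],
		"tel"=>$_POST['tel'],
		"email"=>$_POST['email'],
		"address"=>$_POST['address'],
		"province"=>$_POST['province'],
		"detail"=>$_POST['detail'],
		"car_type"=>$_POST['car_type'],
		"use_type"=>$_POST['use_type'],
		"car_brand"=>$_POST['car_brand'],
		"car_model"=>$_POST['car_model'],
		"car_year"=>$_POST['car_year'],
		"car_no"=>$_POST['car_no'],
		"car_sn"=>$_POST['car_sn'],
		"car_cc"=>$_POST['car_cc'],
		"date_start"=>$_POST['datepicker'],
		"insure_id"=>$_POST['insure'],
		"pay_type"=>$_POST['pay_type'],
		"order_date"=>date("Y-m-d H:i:s"),
		"invoice"=>$strNextSeq,
		"unique_id"=>$uniqueId,
		"price"=>$_POST['price'],
		"membership_id"=>$rs_log['id']
	);
	insert("tb_order",$data);

	// --- Notify active admins by e-mail -----------------------------------
	// Take the fields used in the mail as plain strings (arrays become '').
	$mailFields = array();
	foreach(array('name','tel','email','detail') as $fieldName)
	{
		$mailFields[$fieldName] = (isset($_POST[$fieldName]) && is_string($_POST[$fieldName])) ? $_POST[$fieldName] : '';
	}

	// Values that may end up in mail headers (subject, reply-to) must not
	// contain line breaks, or a submitter could add headers of their own.
	$lineBreaks = array("\r", "\n");
	$headerName = str_replace($lineBreaks, '', $mailFields['name']);

	$to_name ="";
	$from_name	="Central Broker";
	// NOTE(review): the mailbox password is hard-coded in source. Move it to
	// configuration kept outside the repository and web root, and rotate it,
	// since anyone with read access to this file can use the account.
	$email_user_send ="central.insure.broker@gmail.com";
	$email_pass_send ="showidea";
	$reply_email = str_replace($lineBreaks, '', $mailFields['email']);
	$reply_name = $headerName;

	$subject = "ต้องการสั่งซื้อประกันภัย จากคุณ ".$headerName;
	$body_text = "";
	// This is handed to the mailer as the HTML body (assumed from the
	// $body_html / $body_text split; confirm), so user-supplied text is
	// HTML-escaped to stop markup reaching the admins' mail clients.
	$body_html ="
			ชื่อ :: ".htmlspecialchars($mailFields['name'], ENT_QUOTES, 'UTF-8')."
			
			เบอร์โทรติดต่อ :: ".htmlspecialchars($mailFields['tel'], ENT_QUOTES, 'UTF-8')."
			     
			Email ::  ".htmlspecialchars($mailFields['email'], ENT_QUOTES, 'UTF-8')."	
			
			ข้อความถึงบริษัท :: ".htmlspecialchars($mailFields['detail'], ENT_QUOTES, 'UTF-8')."
			
			สมาชิกสั่งซื้อ :: ".htmlspecialchars($rs_log['name'], ENT_QUOTES, 'UTF-8')." (".htmlspecialchars($rs_log['username'], ENT_QUOTES, 'UTF-8').")
			";

	// One message per active admin account.
	$sql="SELECT * FROM tb_admin where active = 1 ";
	$qr = select($sql);
	foreach($qr as $rs)
	{
		$to_email=$rs['email'];
		scriptdd_sendmail($to_name,$to_email,$from_name,$email_user_send,$email_pass_send,$subject,$body_html,$body_text,$reply_email,$reply_name);
	}

	// --- Confirmation and redirect ----------------------------------------
	// unique_id is reflected from the request. The original spliced it into a
	// quoted JS string (reflected XSS); it is now URL-encoded and the whole
	// URL is emitted as a JSON-encoded string literal.
	$redirect = 'order_detail.php?order='.rawurlencode($strNextSeq).'&sid='.rawurlencode($uniqueId);
	echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />';
	echo "<script>alert('บันทึกข้อมูลเรียบร้อยแล้วค่ะ กรุณารอการติดต่อกลับจากเจ้าหน้าที่');window.location=".json_encode($redirect, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT).";</script>";
}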
?>